Fixed support for 3+ dimensional input arrays, added a fixed for the PHP DoS float bug #53632, added support for type-casted arrays in get()1/9/11

1.0.0b16

Backwards Compatibility Break - changed get() to remove binary characters when casting to a string, changed int and integer to cast to a real integer when possible, added new types of binary and integer!11/30/10

1.0.0b15

Added documentation about [sub-key] syntax, added [sub-key] support to check()9/12/10

::generateCSRFToken()public

This method will return a random 15 character string that should be placed in a hidden input element on every HTML form. When the form contents are being processed, the token should be retrieved and passed into validateCSRFToken().

The value returned by this method is stored in the session and then checked by the validate method, which helps prevent cross site request forgeries and (naive) automated form submissions.

Tokens generated by this method are single use, so a user must request the page that generates the token at least once per submission.

Signature

stringgenerateCSRFToken(string$url=NULL )

Parameters

string

$url

The URL to generate a token for, default to the current page

Returns

The token to be submitted with the form

::get()public

Gets a value from the DELETE/PUT post data, $_POST or $_GET superglobals (in that order)

A value that exactly equals '' and is not cast to a specific type will become NULL.

Valid $cast_to types include:

'string'

'binary'

'int'

'integer'

'bool'

'boolean'

'array'

'date'

'time'

'timestamp'

It is possible to append a ? to a data type to return NULL whenever the $key was not specified in the request, or if the value was a blank string.

The array and unspecified $cast_to types allow for multi-dimensional arrays of string data. It is possible to cast an input value as a single-dimensional array of a specific type by appending [] to the $cast_to.

All string, array or unspecified $cast_to will result in the value(s) being interpreted as UTF-8 string and appropriately cleaned of invalid byte sequences. Also, all low-byte, non-printable characters will be stripped from the value. This includes all bytes less than the value of 32 (Space) other than Tab (\t), Newline (\n) and Cariage Return (\r).

To preserve low-byte, non-printable characters, or get the raw value without cleaning invalid UTF-8 byte sequences, plase use the value of binary for the $cast_to parameter.

Any integers that are beyond the range of 32bit storage will be returned as a string. The returned value can be forced to always be a real integer, which may cause truncation of the value, by passing integer! as the $cast_to.